Caddyfile syntax and formatting / header + gzip


(Pascal Andy) #1

Hello folks!
I use Caddy in Prod and I’m looking to add some features to my docker container. It’s based on this project.

I don’t use it as a proxy but only to host a pure static website. No auth or anything fancy.

My basic Caddyfile (working)

:2015 {
    root /srv
}

wip Caddyfile (not working)

Here I want to add gzip + headers.

gzip

:2015 {
    root /srv

	header / {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
		X-Xss-Protection "1; mode=block";
		X-Content-Type-Options "nosniff";
		X-Frame-Options "DENY";
		Content-Security-Policy "upgrade-insecure-requests";
		Referrer-Policy "strict-origin-when-cross-origin";
		Feature-Policy "accelerometer 'none' ; ambient-light-sensor 'none' ; autoplay 'self' ; camera 'none' ; encrypted-media 'none' ; fullscreen 'self' ; geolocation 'none' ; gyroscope 'none' ; magnetometer 'none' ; microphone 'none' ; midi 'none' ; payment 'none' ; picture-in-picture * ; speaker 'none' ; sync-xhr 'none' ; usb 'none' ; vr 'none'";
		Cache-Control "public, max-age=0, must-revalidate";
		Content-Type "text/html; charset=UTF-8"
	}
}

Can you guys see what’s wrong?

Cheers!
P


(Magikstm) #2

gzip needs to be inside your :2015 {

See: https://github.com/caddyserver/examples/blob/master/ghost/Caddyfile


(Pascal Andy) #3

This works.

:2015 {
    root /srv
    gzip
    cache
}

Now let’s add the header. This it’s not working :-/

:2015 {
    root /srv
    gzip
    cache

    header / {
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    X-Xss-Protection "1; mode=block";
    X-Content-Type-Options "nosniff";
    X-Frame-Options "DENY";
    Content-Security-Policy "upgrade-insecure-requests";
    Referrer-Policy "strict-origin-when-cross-origin";
    Feature-Policy "accelerometer 'none' ; ambient-light-sensor 'none' ; autoplay 'self' ; camera 'none' ; encrypted-media 'none' ; fullscreen 'self' ; geolocation 'none' ; gyroscope 'none' ; magnetometer 'none' ; microphone 'none' ; midi 'none' ; payment 'none' ; picture-in-picture * ; speaker 'none' ; sync-xhr 'none' ; usb 'none' ; vr 'none'";
    Cache-Control "public, max-age=0, must-revalidate";
    Content-Type "text/html; charset=UTF-8"
    }
}

(Pascal Andy) #4

Clearly something is wrong with the header section.


(Pascal Andy) #5

Finally, I got it!

:2015 {
    root /srv
    cache {
        default_max_age 15m
        path /caddycache
    }
    gzip {
        level 9
        min_length 1
    }
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Content-Security-Policy "upgrade-insecure-requests"
        Referrer-Policy "strict-origin-when-cross-origin"
        Cache-Control "public, max-age=15, must-revalidate"
        Content-Type "text/html; charset=UTF-8"
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
    }
}